SlideShare une entreprise Scribd logo

Troubleshooting Tips from a Docker Support Engineer

Jeff Anderson
Jeff Anderson

The document discusses various troubleshooting techniques for Docker including using tools like socat and curl to characterize networking and TLS issues, checking container processes and permissions, using volumes to store persistent data, and resolving issues with incorrect localhost references between containers. It also provides examples of troubleshooting issues with a Minecraft server, Ruby application, and Nginx proxy configuration.

Ingénierie
1  sur  97
Télécharger pour lire hors ligne
Troubleshooting Jeff Anderson Developer Support Engineer at Docker @programm3rq
Troubleshooting Basics Common Issues ○ Volumes ○ Networking ○ TLS Advanced Troubleshooting Techniques Troubleshooting
Troubleshooting Basics
1. Characterization 2. Hypothesis 3. Test & Observe Troubleshooting Basics
Common Issues and Questions
Volumes Common Issues and Questions
Minecraft Server ● Single Java Process ● Stores game world state on disk ● Listens on port 25565 Enthusiast/Power User/Tinkerer Bob
FROM java:7 ADD minecraft_server.1.10.2.jar / RUN mkdir -p /opt/minecraft RUN echo "eula=true" > /opt/minecraft/eula.txt EXPOSE 25565 WORKDIR /opt/minecraft CMD java -jar /minecraft_server.1.10.2.jar Minecraft Dockerfile
$ docker build -t mc:1.10.2 . $ docker run -d --name old -p 25565:25565 mc:1.10.2 Minecraft Build and Run
FROM java:7 ADD minecraft_server.1.11.2.jar / RUN mkdir -p /opt/minecraft RUN echo "eula=true" > /opt/minecraft/eula.txt EXPOSE 25565 WORKDIR /opt/minecraft CMD java -jar /minecraft_server.1.11.2.jar Minecraft Dockerfile (updated)
$ docker build -t mc:1.11.2 . $ docker stop old $ docker run -d --name new -p 25565:25565 mc:1.11.2 Minecraft Build and Run (updated)
Where did my stateful minecraft data go?! Bob
Storing important data A volume is a directory on the host that is made available to a container. Docker does this with a bind mount. Volumes
$ mount -o bind /opt/source /opt/destination $ touch /opt/source/test $ ls -li /opt/source/* /opt/destination/* 497080 -rw-r--r-- 1 root root 0 Apr 9 01:37 /opt/destination/test 497080 -rw-r--r-- 1 root root 0 Apr 9 01:37 /opt/source/test $ ls -lid /opt/source/ /opt/destination/ 500424 drwxr-xr-x 2 root root 4096 Apr 9 01:37 /opt/destination/ 500424 drwxr-xr-x 2 root root 4096 Apr 9 01:37 /opt/source/ Bind Mount
Three Types 1. Host volume "I want my data to be here specifically" 2. Named Volume "I want to refer to my data later easily" 3. Anonymous Volume "I just want a volume" Volumes
# Host Volume $ docker run -v /opt/hostpath:/container/data … # Named Volume $ docker run -v important_stuff:/container/data … # Anonymous Volume $ docker run -v /container/data … Volume Types
Bob Minecraft data should go in a volume.
$ docker diff old … C /opt/minecraft A /opt/minecraft/server.properties A /opt/minecraft/world A /opt/minecraft/world/region A /opt/minecraft/world/region/r.0.0.mca … Put data in a volume
$ docker volume create minecraft $ docker create --name new -p 25565:25565 -v minecraft:/opt/minecraft mc:1.11.2 $ docker cp old:/opt/minecraft minecraft $ docker cp minecraft new:/opt/ $ docker start new Put data in a volume
Use volumes to designate where stateful data goes Bob
Local dev environment Ubuntu 16.04 desktop Wants to use Docker in her development workflow Ruby Developer Jane
Useful for local development Jane uses RubyMine Wants code auto-reload with the rerun gem Host Volumes
FROM ruby RUN gem install sinatra sqlite3 rerun COPY . /app/code WORKDIR /app/code EXPOSE 4567 CMD rerun 'ruby server.rb -o 0.0.0.0' Ruby App Dockerfile
$ docker build -t my_sinatra_app . $ docker run -p 4567:4567 --name webdev -v /home/jane/code:/app/code my_sinatra_app 23:30:18 [rerun] Code launched /usr/local/bundle/gems/sqlite3-1.3.13/lib/sqlite3/database.rb:9 1:in `initialize': no such table: config … Jane's Ruby App
Useful for local development This development environment needs a test database. By default, it creates an sqlite3 file called test.db This can be initialized with the 'init.sql' file in the project Host Volumes
$ sqlite3 -bail test.db < init.sql Error: near line 1: attempt to write a readonly database Jane's Ruby App
Ruby Developer JaneJane File Permissions
Permission and ownership issues are dealt with in the same way with and without docker. The numeric uid is what matters. Permissions and Ownership
$ sqlite3 -bail test.db < init.sql Error: near line 1: attempt to write a readonly database $ ls -lin … 6721104 -rw-r--r-- 1 1000 1000 163 Apr 18 2017 init.sql 6721145 -rw-r--r-- 1 0 0 0 Apr 18 2017 test.db Jane's Ruby App
Characterization and Hypothesis ● Files created by the container are owned by uid 0 ● The image's default user is uid 0 ● test.db file permissions are 0644 ● sqlite3 is running as uid 1000 (jane) Hypothesis: this is a normal permissions/ownership issue. Permissions and Ownership
Characterization and Hypothesis Do these: ● chown 1000 test.db ● run container as uid 1000 Avoid these: ● chmod 777 ● sudo sqlite3 Permissions and Ownership
examples of containerized process writing files ● database files ● pid files ● bytecode caching ● in-app file uploads ● plugin/theme installation ● log files Permissions and Ownership
Docker for Mac Docker for Mac shares files from macos host to hyperkit VM This file sharing mechanism will ensure files written by containers will always match your macos user id Host Volumes
Ruby Developer Volume Pro JaneJane
Networking Common Issues and Questions
Working on a small Python web application. Early stages of development. Ready to Dockerize the project.Web Developer Small Company Josh
from bottle import route, run, template import socket @route('/') def index(): return str(socket.gethostname()) + 'n' run(host='0.0.0.0', port=8000) Application Code
FROM python:3-alpine RUN pip install bottle ADD . /code WORKDIR /code EXPOSE 8000 CMD ["python", "app.py"] Application Dockerfile
$ docker build -t app . $ docker run -d --name web -p 8000:8000 app $ curl http://localhost:8000 d8939bc62a36 Running the python code
server { listen 80; server_name localhost; location / { root /usr/share/nginx/html; index index.html index.htm; proxy_pass http://localhost:8000/; } } nginx config file
FROM nginx:alpine RUN rm -f /etc/nginx/conf.d/default.conf ADD nginx.conf /etc/nginx/conf.d/default.conf nginx Dockerfile
$ docker build -t mynginx . $ docker run -d --name nginx -p 80:80 mynginx $ curl http://localhost/ <html> <head><title>502 Bad Gateway</title></head> <body bgcolor="white"> <center><h1>502 Bad Gateway</h1></center> <hr><center>nginx/1.11.10</center> </body> </html> Running nginx
Web Developer Small Company Josh Unexpected 502 Error
502 - app.py and nginx Networking localhost eth0 nginx localhost eth0 - 172.18.0.6 nginx - 0.0.0.0:80 0.0.0.0:80 web localhost eth0 - 172.18.0.5 app.py - 0.0.0.0:8000 0.0.0.0:8000
502 Characterization and Hypothesis ● curl localhost:8000 does not work from nginx container (connection refused) ● curl localhost:8000 works from the app container ● curl 172.18.0.5:8000 works from the nginx container ● curl 172.18.0.5:8000 works from the app container Networking
502 - app.py and nginx Networking localhost eth0 nginx localhost eth0 - 172.18.0.6 nginx - 0.0.0.0:80 0.0.0.0:80 web localhost eth0 - 172.18.0.5 app.py - 0.0.0.0:8000 0.0.0.0:8000 curlcurl
502 Characterization and Hypothesis Hypothesis: nginx using the 'localhost' upstream is incorrect Test: update the nginx config file with the container ip. Networking
server { listen 80; server_name localhost; location / { root /usr/share/nginx/html; index index.html index.htm; proxy_pass http://172.18.0.5:8000/; } } nginx config file
$ curl http://localhost d8939bc62a36 Running the python code
502 - app.py and nginx Networking localhost eth0 nginx localhost eth0 - 172.18.0.6 nginx - 0.0.0.0:80 0.0.0.0:80 web localhost eth0 - 172.18.0.5 app.py - 0.0.0.0:8000 0.0.0.0:8000
502 - app.py and nginx Networking localhost eth0 nginx localhost eth0 - 172.18.0.6 nginx - 0.0.0.0:80 0.0.0.0:80 web localhost eth0 - 172.18.0.5 app.py - 0.0.0.0:8000
Network Service Discovery How will nginx discover the IP going forward? Docker runs a resolver at 127.0.0.11. It resolves container ips by their --name or --net-alias Networking
server { listen 80; server_name localhost; resolver 127.0.0.11; location / { root /usr/share/nginx/html; index index.html index.htm; proxy_pass http://web:8000/; } } nginx config file updated
Web Developer Container Networking Specialist Josh
TLS Common Issues and Questions
Docker EE Docker Datacenter Deploys internal apps Devops Team at a big company Working on the Docker Project Steven
Universal Control Plane TLS
Universal Control Plane ● Implements the Docker Daemon API on port 443 ● There is a web GUI as well ● You connect to it with a "client bundle" TLS
$ ls … ca.pem cert.pem key.pem … env.sh $ cat env.sh export DOCKER_TLS_VERIFY=1 export DOCKER_CERT_PATH="$(pwd)" export DOCKER_HOST=tcp://ucp.example.com:443 Client Bundle
$ source env.sh $ docker run --rm -it alpine echo hello dockercon hello dockercon $ docker service create -p 80:80 nginx:alpine ellhziigdmo2hae2z7wxuv4qt Client Bundle
Universal Control Plane TLS
Installed New Certs ● Chrome no longer complains about the self signed certificate ● docker run and docker service still work as they did before TLS
Steven User reports TLS error
$ source env.sh $ docker-compose up -d ERROR: SSL error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) compose TLS issue
TLS issue reported after cert install ● TLS error when using compose ● Same endpoint works in browser ● Same endpoint works with `docker` CLI Hypothesis: compose has different TLS client expectations from this TLS endpoint TLS
TLS issues don't need to be scary Cheat sheet (check the following): ● Subject/Alt name match ● Full Chain of Trust ● Chain Root is trusted TLS
TLS issues don't need to be scary Cheat sheet (check the following): ● Subject/Alt name match correct ● Full Chain of Trust ● Chain Root is trusted TLS
openssl x509 -noout -text < 0.pem | grep 'Subject:|Issuer:' Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 Subject: CN=ucp.example.com cert Subject and Issuer
openssl x509 -noout -text < 1.pem | grep 'Subject:|Issuer:' Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3 Subject: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 cert Subject and Issuer
TLS issues don't need to be scary Cheat sheet (check the following): ● Subject/Alt name match correct ● Full Chain of Trust missing root ● Chain Root is trusted TLS
openssl x509 -noout -text < 2.pem | grep 'Subject:|Issuer:' Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3 Subject: O=Digital Signature Trust Co., CN=DST Root CA X3 cert Subject and Issuer
root: Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3 Subject: O=Digital Signature Trust Co., CN=DST Root CA X3 intermediary: Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3 Subject: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 certificate: Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 Subject: CN=ucp.example.com cert chain
Universal Control Plane TLS
TLS issues don't need to be scary Cheat sheet (check the following): ● Subject/Alt name match correct ● Full Chain of Trust correct ● Chain Root is trusted TLS
TLS issues don't need to be scary Cheat sheet (check the following): ● Subject/Alt name match correct ● Full Chain of Trust correct ● Chain Root is trusted correct TLS
$ source env.sh $ docker-compose up -d … Creating network "acme_default" with the default driver Creating acme_tomcat_1 Creating acme_apache_1 docker-compose working
TLS issue when using compose ● TLS works when using compose ● Same endpoint works in browser ● Same endpoint works with `docker` CLI Python TLS client wants the certificate authority it trusts to be a root certificate. TLS
TLS Pro Steven
Advanced Troubleshooting Techniques
Amber keeps up pace by being proactive She has several general troubleshooting tactics that help characterize issuesWorks at a big company Has been a sysadmin, developer, network admin Currently technical lead on the devops team Amber
Tools - command line utilities ● socat - bidirectional communication over tcp, udp, stdio, pipes, unix domain sockets, etc ● curl - make web requests ● jq - parse, filter, create json text ● regular network tools - iptables, ipvsadm, route, ip, arp, tcpdump, ifconfig ● nsenter - enter a namespace Amber's Toolbox
Tools - command line utilities ● Nico Kabar's netshoot container: ○ https://github.com/nicolaka/netshoot ○ docker pull nicolaka/netshoot ● Jérôme Petazzoni's nsenter ○ https://github.com/jpetazzo/nsenter Amber's Toolbox
$ socat -v tcp4-listen:5566,bind=127.0.0.1,reuseaddr,fork unix-connect:/var/run/docker.sock $ docker -H 127.0.0.1:5566 ps MITM docker socket traffic
$ socat -v tcp4-listen:5566,bind=127.0.0.1,reuseaddr,fork unix-connect:/var/run/docker.sock > 2017/04/16 10:38:09.400245 length=131 from=115 to=245 GET /v1.26/containers/json HTTP/1.1r Host: 127.0.0.1:5566r User-Agent: Docker-Client/17.03.0-ce (darwin)r Accept-Encoding: gzipr r < 2017/04/16 10:38:09.401486 length=197 from=199 to=395 HTTP/1.1 200 OKr Api-Version: 1.26r Content-Type: application/jsonr Date: Sun, 16 Apr 2017 15:38:09 GMTr Docker-Experimental: truer Server: Docker/17.03.0-ce (linux)r Transfer-Encoding: chunkedr … MITM docker socket traffic
$ curl -s --unix-socket /var/run/docker.sock http::/containers/json | jq '.[].Names[0]' "/focused_tesla" "/exciting_einstein" "/web" "/app" docker ps with curl | jq
$ PID=$(docker inspect --format {{.State.Pid}} happy_tesla) $ nsenter -n -t $PID iptables -nL $ nsenter -t `pidof dockerd` -m nsenter --net=/var/run/docker/netns/ingress_sbox ipvsadm -l $ for i in /var/run/docker/netns/* ; do nsenter -t `pidof dockerd` -m nsenter --net=$i ifconfig; done nsenter
Techniques Host A container networking is working Host B container networking is not They are seemingly identical How to identify the differences? graphical diff! Amber's Toolbox
Techniques - How to Ask a Question Amber's Toolbox <statement of observation> |---------------------------| | demonstration of relevant observations |---------------------------| <question>
Techniques - How to Ask a Question Amber's Toolbox <statement of observation> |---------------------------| | demonstration of relevant observations |---------------------------| <question> Characterization Hypothesis
Techniques - How to Ask a Question Amber's Toolbox I'm getting a 502 error when I hit the staging acmecorp endpoint $ curl -vkL https://staging.internal.acmecorp.com/_ping/ … Is there a deploy happening now?
Becoming a Troubleshooting Pro ● Docker Forums https://forums.docker.com/ ● Docker Community Slack https://dockr.ly/community What you can do
THANK YOU Be a troubleshooting pro! @docker #dockercon Jeff Anderson @programm3rq

Recommandé

Deep dive in Docker Overlay Networks
Deep dive in Docker Overlay NetworksDeep dive in Docker Overlay Networks
Deep dive in Docker Overlay NetworksLaurent Bernaille
 
Deeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay NetworksDeeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay NetworksLaurent Bernaille
 
Deep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay NetworksDeep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay NetworksLaurent Bernaille
 
Discovering OpenBSD on AWS
Discovering OpenBSD on AWSDiscovering OpenBSD on AWS
Discovering OpenBSD on AWSLaurent Bernaille
 
青云CoreOS虚拟机部署kubernetes
青云CoreOS虚拟机部署kubernetes 青云CoreOS虚拟机部署kubernetes
青云CoreOS虚拟机部署kubernetes Zhichao Liang
 
Docker Networking with New Ipvlan and Macvlan Drivers
Docker Networking with New Ipvlan and Macvlan DriversDocker Networking with New Ipvlan and Macvlan Drivers
Docker Networking with New Ipvlan and Macvlan DriversBrent Salisbury
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networkingLorenzo Fontana
 
Building a Virtualized Continuum with Intel(r) Clear Containers
Building a Virtualized Continuum with Intel(r) Clear ContainersBuilding a Virtualized Continuum with Intel(r) Clear Containers
Building a Virtualized Continuum with Intel(r) Clear ContainersMichelle Holley
 

Recommandé

Deep dive in Docker Overlay Networks
Deep dive in Docker Overlay NetworksDeep dive in Docker Overlay Networks
Deep dive in Docker Overlay NetworksLaurent Bernaille
 
Deeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay NetworksDeeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay NetworksLaurent Bernaille
 
Deep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay NetworksDeep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay NetworksLaurent Bernaille
 
Discovering OpenBSD on AWS
Discovering OpenBSD on AWSDiscovering OpenBSD on AWS
Discovering OpenBSD on AWSLaurent Bernaille
 
青云CoreOS虚拟机部署kubernetes
青云CoreOS虚拟机部署kubernetes 青云CoreOS虚拟机部署kubernetes
青云CoreOS虚拟机部署kubernetes Zhichao Liang
 
Docker Networking with New Ipvlan and Macvlan Drivers
Docker Networking with New Ipvlan and Macvlan DriversDocker Networking with New Ipvlan and Macvlan Drivers
Docker Networking with New Ipvlan and Macvlan DriversBrent Salisbury
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networkingLorenzo Fontana
 
Building a Virtualized Continuum with Intel(r) Clear Containers
Building a Virtualized Continuum with Intel(r) Clear ContainersBuilding a Virtualized Continuum with Intel(r) Clear Containers
Building a Virtualized Continuum with Intel(r) Clear ContainersMichelle Holley
 
Hyperledger composer
Hyperledger composerHyperledger composer
Hyperledger composerwonyong hwang
 
debugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitchdebugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitch어형 이
 
Learning kubernetes
Learning kubernetesLearning kubernetes
Learning kubernetesEueung Mulyana
 
Web scale infrastructures with kubernetes and flannel
Web scale infrastructures with kubernetes and flannelWeb scale infrastructures with kubernetes and flannel
Web scale infrastructures with kubernetes and flannelpurpleocean
 
Docker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in PragueDocker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in Praguetomasbart
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDPlcplcp1
 
Kernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are moneyKernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are moneyAnne Nicolas
 
The n00bs guide to ovs dpdk
The n00bs guide to ovs dpdkThe n00bs guide to ovs dpdk
The n00bs guide to ovs dpdkmarkdgray
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network TroubleshootingOpen Source Consulting
 
Kernel Recipes 2019 - Kernel documentation: past, present, and future
Kernel Recipes 2019 - Kernel documentation: past, present, and futureKernel Recipes 2019 - Kernel documentation: past, present, and future
Kernel Recipes 2019 - Kernel documentation: past, present, and futureAnne Nicolas
 
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, DockerUnder the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, DockerDocker, Inc.
 
Velocity 2017 Performance analysis superpowers with Linux eBPF
Velocity 2017 Performance analysis superpowers with Linux eBPFVelocity 2017 Performance analysis superpowers with Linux eBPF
Velocity 2017 Performance analysis superpowers with Linux eBPFBrendan Gregg
 
Cloud RPI4 tomcat ARM64
Cloud RPI4 tomcat ARM64Cloud RPI4 tomcat ARM64
Cloud RPI4 tomcat ARM64Jean-Frederic Clere
 
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedKernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedAnne Nicolas
 
CoreOSによるDockerコンテナのクラスタリング
CoreOSによるDockerコンテナのクラスタリングCoreOSによるDockerコンテナのクラスタリング
CoreOSによるDockerコンテナのクラスタリングYuji ODA
 
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalDocker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalMichelle Antebi
 
Staging driver sins
Staging driver sinsStaging driver sins
Staging driver sinsStephen Hemminger
 
Docker Setting for Static IP allocation
Docker Setting for Static IP allocationDocker Setting for Static IP allocation
Docker Setting for Static IP allocationJi-Woong Choi
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchTe-Yen Liu
 
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...Anne Nicolas
 
A Strong Belief, Loosely Held: Bringing Empathy to IT
A Strong Belief, Loosely Held: Bringing Empathy to ITA Strong Belief, Loosely Held: Bringing Empathy to IT
A Strong Belief, Loosely Held: Bringing Empathy to ITDocker, Inc.
 
Container Storage Best Practices in 2017
Container Storage Best Practices in 2017Container Storage Best Practices in 2017
Container Storage Best Practices in 2017Keith Resar
 

Contenu connexe

Tendances

Hyperledger composer
Hyperledger composerHyperledger composer
Hyperledger composerwonyong hwang
 
debugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitchdebugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitch어형 이
 
Web scale infrastructures with kubernetes and flannel
Web scale infrastructures with kubernetes and flannelWeb scale infrastructures with kubernetes and flannel
Web scale infrastructures with kubernetes and flannelpurpleocean
 
Docker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in PragueDocker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in Praguetomasbart
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDPlcplcp1
 
Kernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are moneyKernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are moneyAnne Nicolas
 
The n00bs guide to ovs dpdk
The n00bs guide to ovs dpdkThe n00bs guide to ovs dpdk
The n00bs guide to ovs dpdkmarkdgray
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network TroubleshootingOpen Source Consulting
 
Kernel Recipes 2019 - Kernel documentation: past, present, and future
Kernel Recipes 2019 - Kernel documentation: past, present, and futureKernel Recipes 2019 - Kernel documentation: past, present, and future
Kernel Recipes 2019 - Kernel documentation: past, present, and futureAnne Nicolas
 
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, DockerUnder the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, DockerDocker, Inc.
 
Velocity 2017 Performance analysis superpowers with Linux eBPF
Velocity 2017 Performance analysis superpowers with Linux eBPFVelocity 2017 Performance analysis superpowers with Linux eBPF
Velocity 2017 Performance analysis superpowers with Linux eBPFBrendan Gregg
 
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedKernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedAnne Nicolas
 
CoreOSによるDockerコンテナのクラスタリング
CoreOSによるDockerコンテナのクラスタリングCoreOSによるDockerコンテナのクラスタリング
CoreOSによるDockerコンテナのクラスタリングYuji ODA
 
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalDocker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalMichelle Antebi
 
Docker Setting for Static IP allocation
Docker Setting for Static IP allocationDocker Setting for Static IP allocation
Docker Setting for Static IP allocationJi-Woong Choi
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchTe-Yen Liu
 
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...Anne Nicolas
 

Tendances (20)

Hyperledger composer
Hyperledger composerHyperledger composer
Hyperledger composer
 
debugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitchdebugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitch
 
Learning kubernetes
Learning kubernetesLearning kubernetes
Learning kubernetes
 
Web scale infrastructures with kubernetes and flannel
Web scale infrastructures with kubernetes and flannelWeb scale infrastructures with kubernetes and flannel
Web scale infrastructures with kubernetes and flannel
 
Docker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in PragueDocker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in Prague
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDP
 
Kernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are moneyKernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are money
 
The n00bs guide to ovs dpdk
The n00bs guide to ovs dpdkThe n00bs guide to ovs dpdk
The n00bs guide to ovs dpdk
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting
 
Kernel Recipes 2019 - Kernel documentation: past, present, and future
Kernel Recipes 2019 - Kernel documentation: past, present, and futureKernel Recipes 2019 - Kernel documentation: past, present, and future
Kernel Recipes 2019 - Kernel documentation: past, present, and future
 
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, DockerUnder the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker
Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker
 
Velocity 2017 Performance analysis superpowers with Linux eBPF
Velocity 2017 Performance analysis superpowers with Linux eBPFVelocity 2017 Performance analysis superpowers with Linux eBPF
Velocity 2017 Performance analysis superpowers with Linux eBPF
 
Cloud RPI4 tomcat ARM64
Cloud RPI4 tomcat ARM64Cloud RPI4 tomcat ARM64
Cloud RPI4 tomcat ARM64
 
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedKernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all started
 
CoreOSによるDockerコンテナのクラスタリング
CoreOSによるDockerコンテナのクラスタリングCoreOSによるDockerコンテナのクラスタリング
CoreOSによるDockerコンテナのクラスタリング
 
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalDocker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
 
Staging driver sins
Staging driver sinsStaging driver sins
Staging driver sins
 
Docker Setting for Static IP allocation
Docker Setting for Static IP allocationDocker Setting for Static IP allocation
Docker Setting for Static IP allocation
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitch
 
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...
 

En vedette

A Strong Belief, Loosely Held: Bringing Empathy to IT
A Strong Belief, Loosely Held: Bringing Empathy to ITA Strong Belief, Loosely Held: Bringing Empathy to IT
A Strong Belief, Loosely Held: Bringing Empathy to ITDocker, Inc.
 
Container Storage Best Practices in 2017
Container Storage Best Practices in 2017Container Storage Best Practices in 2017
Container Storage Best Practices in 2017Keith Resar
 
Kubernetes in Docker
Kubernetes in DockerKubernetes in Docker
Kubernetes in DockerDocker, Inc.
 
Back to the Future: Containerize Legacy Applications
Back to the Future: Containerize Legacy ApplicationsBack to the Future: Containerize Legacy Applications
Back to the Future: Containerize Legacy ApplicationsDocker, Inc.
 
DockerCon EU 2017 - General Session Day 1
DockerCon EU 2017 - General Session Day 1DockerCon EU 2017 - General Session Day 1
DockerCon EU 2017 - General Session Day 1Docker, Inc.
 
DockerCon EU 2017 - General Session Day 2
DockerCon EU 2017 - General Session Day 2DockerCon EU 2017 - General Session Day 2
DockerCon EU 2017 - General Session Day 2Docker, Inc.
 
What's New in Docker
What's New in DockerWhat's New in Docker
What's New in DockerDocker, Inc.
 
The Value Of Diverse Experiences
The Value Of Diverse ExperiencesThe Value Of Diverse Experiences
The Value Of Diverse ExperiencesDocker, Inc.
 
Taking Docker to Production: What You Need to Know and Decide
Taking Docker to Production: What You Need to Know and DecideTaking Docker to Production: What You Need to Know and Decide
Taking Docker to Production: What You Need to Know and DecideDocker, Inc.
 
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...Docker, Inc.
 
Learning Docker from Square One
Learning Docker from Square OneLearning Docker from Square One
Learning Docker from Square OneDocker, Inc.
 
Integrating Docker EE into Société Générale's Existing Enterprise IT Systems
Integrating Docker EE into Société Générale's Existing Enterprise IT SystemsIntegrating Docker EE into Société Générale's Existing Enterprise IT Systems
Integrating Docker EE into Société Générale's Existing Enterprise IT SystemsDocker, Inc.
 
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017Carol Smith
 

En vedette (13)

A Strong Belief, Loosely Held: Bringing Empathy to IT
A Strong Belief, Loosely Held: Bringing Empathy to ITA Strong Belief, Loosely Held: Bringing Empathy to IT
A Strong Belief, Loosely Held: Bringing Empathy to IT
 
Container Storage Best Practices in 2017
Container Storage Best Practices in 2017Container Storage Best Practices in 2017
Container Storage Best Practices in 2017
 
Kubernetes in Docker
Kubernetes in DockerKubernetes in Docker
Kubernetes in Docker
 
Back to the Future: Containerize Legacy Applications
Back to the Future: Containerize Legacy ApplicationsBack to the Future: Containerize Legacy Applications
Back to the Future: Containerize Legacy Applications
 
DockerCon EU 2017 - General Session Day 1
DockerCon EU 2017 - General Session Day 1DockerCon EU 2017 - General Session Day 1
DockerCon EU 2017 - General Session Day 1
 
DockerCon EU 2017 - General Session Day 2
DockerCon EU 2017 - General Session Day 2DockerCon EU 2017 - General Session Day 2
DockerCon EU 2017 - General Session Day 2
 
What's New in Docker
What's New in DockerWhat's New in Docker
What's New in Docker
 
The Value Of Diverse Experiences
The Value Of Diverse ExperiencesThe Value Of Diverse Experiences
The Value Of Diverse Experiences
 
Taking Docker to Production: What You Need to Know and Decide
Taking Docker to Production: What You Need to Know and DecideTaking Docker to Production: What You Need to Know and Decide
Taking Docker to Production: What You Need to Know and Decide
 
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...
 
Learning Docker from Square One
Learning Docker from Square OneLearning Docker from Square One
Learning Docker from Square One
 
Integrating Docker EE into Société Générale's Existing Enterprise IT Systems
Integrating Docker EE into Société Générale's Existing Enterprise IT SystemsIntegrating Docker EE into Société Générale's Existing Enterprise IT Systems
Integrating Docker EE into Société Générale's Existing Enterprise IT Systems
 
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
 

Similaire à Troubleshooting Tips from a Docker Support Engineer

Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slidesDocker, Inc.
 
Deploying Windows Containers on Windows Server 2016
Deploying Windows Containers on Windows Server 2016Deploying Windows Containers on Windows Server 2016
Deploying Windows Containers on Windows Server 2016Ben Hall
 
Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)Ben Hall
 
Docker for Web Developers: A Sneak Peek
Docker for Web Developers: A Sneak PeekDocker for Web Developers: A Sneak Peek
Docker for Web Developers: A Sneak Peekmsyukor
 
Infrastructure = code - 1 year later
Infrastructure = code - 1 year laterInfrastructure = code - 1 year later
Infrastructure = code - 1 year laterChristian Ortner
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionBen Hall
 
桃園市教育局Docker技術入門與實作
桃園市教育局Docker技術入門與實作桃園市教育局Docker技術入門與實作
桃園市教育局Docker技術入門與實作Philip Zheng
 
Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)Ben Hall
 
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context ConstraintsAlessandro Arrichiello
 
New Docker Features for Orchestration and Containers
New Docker Features for Orchestration and ContainersNew Docker Features for Orchestration and Containers
New Docker Features for Orchestration and ContainersJeff Anderson
 
The How and Why of Windows containers
The How and Why of Windows containersThe How and Why of Windows containers
The How and Why of Windows containersBen Hall
 
JDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
JDO 2019: Tips and Tricks from Docker Captain - Łukasz LachJDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
JDO 2019: Tips and Tricks from Docker Captain - Łukasz LachPROIDEA
 
What's New in Docker 1.12 by Mike Goelzer and Andrea Luzzardi
What's New in Docker 1.12 by Mike Goelzer and Andrea LuzzardiWhat's New in Docker 1.12 by Mike Goelzer and Andrea Luzzardi
What's New in Docker 1.12 by Mike Goelzer and Andrea LuzzardiDocker, Inc.
 
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea LuzzardiWhat's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea LuzzardiMike Goelzer
 
파이썬 개발환경 구성하기의 끝판왕 - Docker Compose
파이썬 개발환경 구성하기의 끝판왕 - Docker Compose파이썬 개발환경 구성하기의 끝판왕 - Docker Compose
파이썬 개발환경 구성하기의 끝판왕 - Docker Composeraccoony
 
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...Puppet
 
Challenges of container configuration
Challenges of container configurationChallenges of container configuration
Challenges of container configurationlutter
 
Introduction to Docker - Learning containerization XP conference 2016
Introduction to Docker - Learning containerization XP conference 2016Introduction to Docker - Learning containerization XP conference 2016
Introduction to Docker - Learning containerization XP conference 2016XP Conference India
 
Deploying .net core apps to Docker - dotnetConf Local Bengaluru
Deploying .net core apps to Docker - dotnetConf Local BengaluruDeploying .net core apps to Docker - dotnetConf Local Bengaluru
Deploying .net core apps to Docker - dotnetConf Local BengaluruSwaminathan Vetri
 
DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline Docker, Inc.
 

Similaire à Troubleshooting Tips from a Docker Support Engineer (20)

Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slides
 
Deploying Windows Containers on Windows Server 2016
Deploying Windows Containers on Windows Server 2016Deploying Windows Containers on Windows Server 2016
Deploying Windows Containers on Windows Server 2016
 
Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)
 
Docker for Web Developers: A Sneak Peek
Docker for Web Developers: A Sneak PeekDocker for Web Developers: A Sneak Peek
Docker for Web Developers: A Sneak Peek
 
Infrastructure = code - 1 year later
Infrastructure = code - 1 year laterInfrastructure = code - 1 year later
Infrastructure = code - 1 year later
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and Production
 
桃園市教育局Docker技術入門與實作
桃園市教育局Docker技術入門與實作桃園市教育局Docker技術入門與實作
桃園市教育局Docker技術入門與實作
 
Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)
 
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
 
New Docker Features for Orchestration and Containers
New Docker Features for Orchestration and ContainersNew Docker Features for Orchestration and Containers
New Docker Features for Orchestration and Containers
 
The How and Why of Windows containers
The How and Why of Windows containersThe How and Why of Windows containers
The How and Why of Windows containers
 
JDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
JDO 2019: Tips and Tricks from Docker Captain - Łukasz LachJDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
JDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
 
What's New in Docker 1.12 by Mike Goelzer and Andrea Luzzardi
What's New in Docker 1.12 by Mike Goelzer and Andrea LuzzardiWhat's New in Docker 1.12 by Mike Goelzer and Andrea Luzzardi
What's New in Docker 1.12 by Mike Goelzer and Andrea Luzzardi
 
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea LuzzardiWhat's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
 
파이썬 개발환경 구성하기의 끝판왕 - Docker Compose
파이썬 개발환경 구성하기의 끝판왕 - Docker Compose파이썬 개발환경 구성하기의 끝판왕 - Docker Compose
파이썬 개발환경 구성하기의 끝판왕 - Docker Compose
 
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
 
Challenges of container configuration
Challenges of container configurationChallenges of container configuration
Challenges of container configuration
 
Introduction to Docker - Learning containerization XP conference 2016
Introduction to Docker - Learning containerization XP conference 2016Introduction to Docker - Learning containerization XP conference 2016
Introduction to Docker - Learning containerization XP conference 2016
 
Deploying .net core apps to Docker - dotnetConf Local Bengaluru
Deploying .net core apps to Docker - dotnetConf Local BengaluruDeploying .net core apps to Docker - dotnetConf Local Bengaluru
Deploying .net core apps to Docker - dotnetConf Local Bengaluru
 
DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline
 

Dernier

Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
computer application and construction management
computer application and construction managementcomputer application and construction management
computer application and construction managementMariconPadriquez1
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxbritheesh05
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfROCENODodongVILLACER
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)Dr SOUNDIRARAJ N
 
8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitter8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitterShivangiSharma879191
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEroselinkalist12
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfAsst.prof M.Gokilavani
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxKartikeyaDwivedi3
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)dollysharma2066
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxDeepakSakkari2
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHC Sai Kiran
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 

Dernier (20)

Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
computer application and construction management
computer application and construction managementcomputer application and construction management
computer application and construction management
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptx
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdf
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitter8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitter
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptx
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECH
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 

Troubleshooting Tips from a Docker Support Engineer

  • 1. Troubleshooting Jeff Anderson Developer Support Engineer at Docker @programm3rq
  • 2. Troubleshooting Basics Common Issues ○ Volumes ○ Networking ○ TLS Advanced Troubleshooting Techniques Troubleshooting
  • 3.
  • 5. 1. Characterization 2. Hypothesis 3. Test & Observe Troubleshooting Basics
  • 8. Minecraft Server ● Single Java Process ● Stores game world state on disk ● Listens on port 25565 Enthusiast/Power User/Tinkerer Bob
  • 9. FROM java:7 ADD minecraft_server.1.10.2.jar / RUN mkdir -p /opt/minecraft RUN echo "eula=true" > /opt/minecraft/eula.txt EXPOSE 25565 WORKDIR /opt/minecraft CMD java -jar /minecraft_server.1.10.2.jar Minecraft Dockerfile
  • 10. $ docker build -t mc:1.10.2 . $ docker run -d --name old -p 25565:25565 mc:1.10.2 Minecraft Build and Run
  • 11.
  • 12. FROM java:7 ADD minecraft_server.1.11.2.jar / RUN mkdir -p /opt/minecraft RUN echo "eula=true" > /opt/minecraft/eula.txt EXPOSE 25565 WORKDIR /opt/minecraft CMD java -jar /minecraft_server.1.11.2.jar Minecraft Dockerfile (updated)
  • 13. $ docker build -t mc:1.11.2 . $ docker stop old $ docker run -d --name new -p 25565:25565 mc:1.11.2 Minecraft Build and Run (updated)
  • 14.
  • 15. Where did my stateful minecraft data go?! Bob
  • 16. Storing important data A volume is a directory on the host that is made available to a container. Docker does this with a bind mount. Volumes
  • 17. $ mount -o bind /opt/source /opt/destination $ touch /opt/source/test $ ls -li /opt/source/* /opt/destination/* 497080 -rw-r--r-- 1 root root 0 Apr 9 01:37 /opt/destination/test 497080 -rw-r--r-- 1 root root 0 Apr 9 01:37 /opt/source/test $ ls -lid /opt/source/ /opt/destination/ 500424 drwxr-xr-x 2 root root 4096 Apr 9 01:37 /opt/destination/ 500424 drwxr-xr-x 2 root root 4096 Apr 9 01:37 /opt/source/ Bind Mount
  • 18. Three Types 1. Host volume "I want my data to be here specifically" 2. Named Volume "I want to refer to my data later easily" 3. Anonymous Volume "I just want a volume" Volumes
  • 19. # Host Volume $ docker run -v /opt/hostpath:/container/data … # Named Volume $ docker run -v important_stuff:/container/data … # Anonymous Volume $ docker run -v /container/data … Volume Types
  • 21. $ docker diff old … C /opt/minecraft A /opt/minecraft/server.properties A /opt/minecraft/world A /opt/minecraft/world/region A /opt/minecraft/world/region/r.0.0.mca … Put data in a volume
  • 22. $ docker volume create minecraft $ docker create --name new -p 25565:25565 -v minecraft:/opt/minecraft mc:1.11.2 $ docker cp old:/opt/minecraft minecraft $ docker cp minecraft new:/opt/ $ docker start new Put data in a volume
  • 23. Use volumes to designate where stateful data goes Bob
  • 24. Local dev environment Ubuntu 16.04 desktop Wants to use Docker in her development workflow Ruby Developer Jane
  • 25. Useful for local development Jane uses RubyMine Wants code auto-reload with the rerun gem Host Volumes
  • 26. FROM ruby RUN gem install sinatra sqlite3 rerun COPY . /app/code WORKDIR /app/code EXPOSE 4567 CMD rerun 'ruby server.rb -o 0.0.0.0' Ruby App Dockerfile
  • 27. $ docker build -t my_sinatra_app . $ docker run -p 4567:4567 --name webdev -v /home/jane/code:/app/code my_sinatra_app 23:30:18 [rerun] Code launched /usr/local/bundle/gems/sqlite3-1.3.13/lib/sqlite3/database.rb:9 1:in `initialize': no such table: config … Jane's Ruby App
  • 28. Useful for local development This development environment needs a test database. By default, it creates an sqlite3 file called test.db This can be initialized with the 'init.sql' file in the project Host Volumes
  • 29. $ sqlite3 -bail test.db < init.sql Error: near line 1: attempt to write a readonly database Jane's Ruby App
  • 31. Permission and ownership issues are dealt with in the same way with and without docker. The numeric uid is what matters. Permissions and Ownership
  • 32. $ sqlite3 -bail test.db < init.sql Error: near line 1: attempt to write a readonly database $ ls -lin … 6721104 -rw-r--r-- 1 1000 1000 163 Apr 18 2017 init.sql 6721145 -rw-r--r-- 1 0 0 0 Apr 18 2017 test.db Jane's Ruby App
  • 33. Characterization and Hypothesis ● Files created by the container are owned by uid 0 ● The image's default user is uid 0 ● test.db file permissions are 0644 ● sqlite3 is running as uid 1000 (jane) Hypothesis: this is a normal permissions/ownership issue. Permissions and Ownership
  • 34. Characterization and Hypothesis Do these: ● chown 1000 test.db ● run container as uid 1000 Avoid these: ● chmod 777 ● sudo sqlite3 Permissions and Ownership
  • 35. examples of containerized process writing files ● database files ● pid files ● bytecode caching ● in-app file uploads ● plugin/theme installation ● log files Permissions and Ownership
  • 36. Docker for Mac Docker for Mac shares files from macos host to hyperkit VM This file sharing mechanism will ensure files written by containers will always match your macos user id Host Volumes
  • 39. Working on a small Python web application. Early stages of development. Ready to Dockerize the project.Web Developer Small Company Josh
  • 40. from bottle import route, run, template import socket @route('/') def index(): return str(socket.gethostname()) + 'n' run(host='0.0.0.0', port=8000) Application Code
  • 41. FROM python:3-alpine RUN pip install bottle ADD . /code WORKDIR /code EXPOSE 8000 CMD ["python", "app.py"] Application Dockerfile
  • 42. $ docker build -t app . $ docker run -d --name web -p 8000:8000 app $ curl http://localhost:8000 d8939bc62a36 Running the python code
  • 43. server { listen 80; server_name localhost; location / { root /usr/share/nginx/html; index index.html index.htm; proxy_pass http://localhost:8000/; } } nginx config file
  • 44. FROM nginx:alpine RUN rm -f /etc/nginx/conf.d/default.conf ADD nginx.conf /etc/nginx/conf.d/default.conf nginx Dockerfile
  • 45. $ docker build -t mynginx . $ docker run -d --name nginx -p 80:80 mynginx $ curl http://localhost/ <html> <head><title>502 Bad Gateway</title></head> <body bgcolor="white"> <center><h1>502 Bad Gateway</h1></center> <hr><center>nginx/1.11.10</center> </body> </html> Running nginx
  • 46. Web Developer Small Company Josh Unexpected 502 Error
  • 47. 502 - app.py and nginx Networking localhost eth0 nginx localhost eth0 - 172.18.0.6 nginx - 0.0.0.0:80 0.0.0.0:80 web localhost eth0 - 172.18.0.5 app.py - 0.0.0.0:8000 0.0.0.0:8000
  • 48. 502 Characterization and Hypothesis ● curl localhost:8000 does not work from nginx container (connection refused) ● curl localhost:8000 works from the app container ● curl 172.18.0.5:8000 works from the nginx container ● curl 172.18.0.5:8000 works from the app container Networking
  • 49. 502 - app.py and nginx Networking localhost eth0 nginx localhost eth0 - 172.18.0.6 nginx - 0.0.0.0:80 0.0.0.0:80 web localhost eth0 - 172.18.0.5 app.py - 0.0.0.0:8000 0.0.0.0:8000 curlcurl
  • 50. 502 Characterization and Hypothesis Hypothesis: nginx using the 'localhost' upstream is incorrect Test: update the nginx config file with the container ip. Networking
  • 51. server { listen 80; server_name localhost; location / { root /usr/share/nginx/html; index index.html index.htm; proxy_pass http://172.18.0.5:8000/; } } nginx config file
  • 53. 502 - app.py and nginx Networking localhost eth0 nginx localhost eth0 - 172.18.0.6 nginx - 0.0.0.0:80 0.0.0.0:80 web localhost eth0 - 172.18.0.5 app.py - 0.0.0.0:8000 0.0.0.0:8000
  • 54. 502 - app.py and nginx Networking localhost eth0 nginx localhost eth0 - 172.18.0.6 nginx - 0.0.0.0:80 0.0.0.0:80 web localhost eth0 - 172.18.0.5 app.py - 0.0.0.0:8000
  • 55. Network Service Discovery How will nginx discover the IP going forward? Docker runs a resolver at 127.0.0.11. It resolves container ips by their --name or --net-alias Networking
  • 56. server { listen 80; server_name localhost; resolver 127.0.0.11; location / { root /usr/share/nginx/html; index index.html index.htm; proxy_pass http://web:8000/; } } nginx config file updated
  • 59. Docker EE Docker Datacenter Deploys internal apps Devops Team at a big company Working on the Docker Project Steven
  • 61. Universal Control Plane ● Implements the Docker Daemon API on port 443 ● There is a web GUI as well ● You connect to it with a "client bundle" TLS
  • 62. $ ls … ca.pem cert.pem key.pem … env.sh $ cat env.sh export DOCKER_TLS_VERIFY=1 export DOCKER_CERT_PATH="$(pwd)" export DOCKER_HOST=tcp://ucp.example.com:443 Client Bundle
  • 63. $ source env.sh $ docker run --rm -it alpine echo hello dockercon hello dockercon $ docker service create -p 80:80 nginx:alpine ellhziigdmo2hae2z7wxuv4qt Client Bundle
  • 65. Installed New Certs ● Chrome no longer complains about the self signed certificate ● docker run and docker service still work as they did before TLS
  • 67. $ source env.sh $ docker-compose up -d ERROR: SSL error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) compose TLS issue
  • 68. TLS issue reported after cert install ● TLS error when using compose ● Same endpoint works in browser ● Same endpoint works with `docker` CLI Hypothesis: compose has different TLS client expectations from this TLS endpoint TLS
  • 69. TLS issues don't need to be scary Cheat sheet (check the following): ● Subject/Alt name match ● Full Chain of Trust ● Chain Root is trusted TLS
  • 70. TLS issues don't need to be scary Cheat sheet (check the following): ● Subject/Alt name match correct ● Full Chain of Trust ● Chain Root is trusted TLS
  • 71. openssl x509 -noout -text < 0.pem | grep 'Subject:|Issuer:' Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 Subject: CN=ucp.example.com cert Subject and Issuer
  • 72. openssl x509 -noout -text < 1.pem | grep 'Subject:|Issuer:' Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3 Subject: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 cert Subject and Issuer
  • 73. TLS issues don't need to be scary Cheat sheet (check the following): ● Subject/Alt name match correct ● Full Chain of Trust missing root ● Chain Root is trusted TLS
  • 74. openssl x509 -noout -text < 2.pem | grep 'Subject:|Issuer:' Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3 Subject: O=Digital Signature Trust Co., CN=DST Root CA X3 cert Subject and Issuer
  • 75. root: Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3 Subject: O=Digital Signature Trust Co., CN=DST Root CA X3 intermediary: Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3 Subject: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 certificate: Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 Subject: CN=ucp.example.com cert chain
  • 77. TLS issues don't need to be scary Cheat sheet (check the following): ● Subject/Alt name match correct ● Full Chain of Trust correct ● Chain Root is trusted TLS
  • 78. TLS issues don't need to be scary Cheat sheet (check the following): ● Subject/Alt name match correct ● Full Chain of Trust correct ● Chain Root is trusted correct TLS
  • 79. $ source env.sh $ docker-compose up -d … Creating network "acme_default" with the default driver Creating acme_tomcat_1 Creating acme_apache_1 docker-compose working
  • 80. TLS issue when using compose ● TLS works when using compose ● Same endpoint works in browser ● Same endpoint works with `docker` CLI Python TLS client wants the certificate authority it trusts to be a root certificate. TLS
  • 83. Amber keeps up pace by being proactive She has several general troubleshooting tactics that help characterize issuesWorks at a big company Has been a sysadmin, developer, network admin Currently technical lead on the devops team Amber
  • 84. Tools - command line utilities ● socat - bidirectional communication over tcp, udp, stdio, pipes, unix domain sockets, etc ● curl - make web requests ● jq - parse, filter, create json text ● regular network tools - iptables, ipvsadm, route, ip, arp, tcpdump, ifconfig ● nsenter - enter a namespace Amber's Toolbox
  • 85. Tools - command line utilities ● Nico Kabar's netshoot container: ○ https://github.com/nicolaka/netshoot ○ docker pull nicolaka/netshoot ● Jérôme Petazzoni's nsenter ○ https://github.com/jpetazzo/nsenter Amber's Toolbox
  • 86. $ socat -v tcp4-listen:5566,bind=127.0.0.1,reuseaddr,fork unix-connect:/var/run/docker.sock $ docker -H 127.0.0.1:5566 ps MITM docker socket traffic
  • 87. $ socat -v tcp4-listen:5566,bind=127.0.0.1,reuseaddr,fork unix-connect:/var/run/docker.sock > 2017/04/16 10:38:09.400245 length=131 from=115 to=245 GET /v1.26/containers/json HTTP/1.1r Host: 127.0.0.1:5566r User-Agent: Docker-Client/17.03.0-ce (darwin)r Accept-Encoding: gzipr r < 2017/04/16 10:38:09.401486 length=197 from=199 to=395 HTTP/1.1 200 OKr Api-Version: 1.26r Content-Type: application/jsonr Date: Sun, 16 Apr 2017 15:38:09 GMTr Docker-Experimental: truer Server: Docker/17.03.0-ce (linux)r Transfer-Encoding: chunkedr … MITM docker socket traffic
  • 88. $ curl -s --unix-socket /var/run/docker.sock http::/containers/json | jq '.[].Names[0]' "/focused_tesla" "/exciting_einstein" "/web" "/app" docker ps with curl | jq
  • 89. $ PID=$(docker inspect --format {{.State.Pid}} happy_tesla) $ nsenter -n -t $PID iptables -nL $ nsenter -t `pidof dockerd` -m nsenter --net=/var/run/docker/netns/ingress_sbox ipvsadm -l $ for i in /var/run/docker/netns/* ; do nsenter -t `pidof dockerd` -m nsenter --net=$i ifconfig; done nsenter
  • 90. Techniques Host A container networking is working Host B container networking is not They are seemingly identical How to identify the differences? graphical diff! Amber's Toolbox
  • 91.
  • 92.
  • 93. Techniques - How to Ask a Question Amber's Toolbox <statement of observation> |---------------------------| | demonstration of relevant observations |---------------------------| <question>
  • 94. Techniques - How to Ask a Question Amber's Toolbox <statement of observation> |---------------------------| | demonstration of relevant observations |---------------------------| <question> Characterization Hypothesis
  • 95. Techniques - How to Ask a Question Amber's Toolbox I'm getting a 502 error when I hit the staging acmecorp endpoint $ curl -vkL https://staging.internal.acmecorp.com/_ping/ … Is there a deploy happening now?
  • 96. Becoming a Troubleshooting Pro ● Docker Forums https://forums.docker.com/ ● Docker Community Slack https://dockr.ly/community What you can do
  • 97. THANK YOU Be a troubleshooting pro! @docker #dockercon Jeff Anderson @programm3rq